From 0bd335403e7793551bb76cbdf629fbba05fdfecc Mon Sep 17 00:00:00 2001
From: corvid <corvid@lavabit.com>
Date: Thu, 25 Feb 2010 20:43:49 +0000
Subject: more robust http header field parsing

I noticed that I could trick it with a field like
"Content-TypexContent-Type: text/html\n", and I didn't like that.
---
 src/cache.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/cache.c')

diff --git a/src/cache.c b/src/cache.c
index 2bd7bb58..0116fbf5 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -595,6 +595,7 @@ static char *Cache_parse_field(const char *header, const char *fieldname)
         field = dStrndup(header + i, j);
         return field;
       }
+      while (header[i] != '\n') i++;
    }
    return NULL;
 }
@@ -630,6 +631,8 @@ static Dlist *Cache_parse_multiple_fields(const char *header,
             j--;
          field = dStrndup(header + i, j);
          dList_append(fields, field);
+      } else {
+         while (header[i] != '\n') i++;
       }
    }
 
-- 
cgit v1.2.3